I’m having an issue where the python-ldap module is returning no results, even though I am able to get results through other methods. I use the same parameters as ldapsearch, but the python code turns up nothing. This happens with a large number of hostnames that I search for.
Specifically, I am able to get valid LDAP data returned for a hostname with the following:
Output:
$ [2014][AD-user@host-joined-to-AD:~]$ ldapsearch -x -H ldaps://ldap-host-here.ds.subdomain.net:636 -D "[email protected]" -w 'password-here' -b "DC=ds,DC=subdomain,DC=net" "(&(objectclass=computer)(cn=hostname-here))" |less
I also see a computer account for this system when logging into a Windows system on the domain and searching for the hostname via dsa, so I know the computer account is in AD/LDAP.

The following are my LDAP related modules. Note that I know the ldap module version is a little old, but as I’m running RHEL 7.5, it’s the newest I can make it without causing other dependencies to break, i.e. I had to install this via RPM.
Output:
$ pip freeze | grep ldap
ldap3==2.5.1
python-ldap==2.4.15
I run my code, and it shows nothing in the results:

Output:
$ ./to-post.py
Initializing LDAP connection object with uri ldaps://ldap-host-here.ds.subdomain.net:636
Binding with username username-here…
LDAP results - []
The code is below. Any thoughts on why I’m not getting anything returned, even though the computer account exists?

#!/usr/bin/python
import ldap

#####################################
# IN: cfg, hostname, domain string
# OUT: True or False (if in AD or not)
def CheckIfHostInAD(cfg, hostname, env):
    domain = "tld-value-here"
    username = 'username-here'
    password = 'password-here'
    uri = "ldaps://ldap-host-here." + domain + ":636"
    (subdomain, tld) = domain.split('.')

    ## Create instance of LDAP class. No connection has been made yet.
    print("Initializing LDAP connection object with uri " + uri )
    l = ldap.initialize(uri) #####!!!
    results = []
    OU_setting = ""
    try:
        # When we connect, make sure to connect using LDAPv3
        l.protocol_version = ldap.VERSION3
        #set connection
        # OPT_X_TLS_NEVER means the server certificate is not verified
        l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        print("Binding with username " + username + "...")
        bind = l.simple_bind_s(username, password)
        # When we search, the base is the level at which we want to start searching
        OU_setting = ""
        base = OU_setting + "DC=ds,DC=" + subdomain + ",DC=net"
        # When we search, filter results down to ones that have an objectClass of "computer"
        criteria = "(&(objectclass=computer)(cn=" + hostname + "))"
        attributes = ['name']
        print("Getting hostnames in " + domain + ", base " + str(base) + ", criteria " + str(criteria) )
        # Ok! Search and store the result in the variable "result"
        ldap_dump = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)
        print("Found " + str(len(ldap_dump)) + " hostnames in " + domain)
        # Print the results to the console
        for data_dict in [entry for dn, entry in ldap_dump if isinstance(entry, dict)]:
            results.append(data_dict["name"][0])
    except Exception as e:
        print("error - " + str(e))
    # Now that we're done (failed or not), release the connection
    finally:
        l.unbind()
    print("LDAP results - " + str(results))
    return results

cfg = ""
hostname = "short-hostname-here"
env = ""
result = CheckIfHostInAD(cfg, hostname, env)
quit()

As I noted earlier, I'd prefer not to upgrade the python-ldap module if not needed. In other words, unless there's something in a newer version where a bug resulting in no data being returned is fixed, I'd prefer not to upgrade.
Are there verbose settings for python-ldap I can set to see more of what's happening?
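
The posted code builds its filter by concatenating the hostname and keeps only dict entries from search_s. As an added example (not the poster's code), the sketch below does the same two steps in plain Python, escaping the hostname per RFC 4515 and counting search references separately so a referral-only response can be told apart from an empty one. The function names and the sample result are constructed; the (None, [url]) shape is how python-ldap represents a search reference.

```python
# Added example, not the poster's code. Names and sample data are constructed.

# RFC 4515 requires these characters to be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as a value inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def computer_filter(hostname):
    """Build the post's computer filter with the hostname escaped."""
    return "(&(objectclass=computer)(cn=" + escape_filter_value(hostname) + "))"


def split_results(ldap_dump):
    """Separate real entries from search references in a search_s-style list.

    Entries are (dn, {attr: [values]}); references are (None, [url, ...]).
    Returns (names, referral_urls).
    """
    names, referrals = [], []
    for dn, payload in ldap_dump:
        if dn is None:
            # Search reference: the server points at another naming context.
            referrals.extend(payload)
            continue
        for raw in payload.get("name", []):
            names.append(raw.decode("utf-8") if isinstance(raw, bytes) else raw)
    return names, referrals


# Constructed sample shaped like a subtree search from a domain root.
SAMPLE_DUMP = [
    ("CN=HOST01,OU=Servers,DC=ds,DC=example,DC=net", {"name": [b"HOST01"]}),
    (None, ["ldap://DomainDnsZones.ds.example.net/DC=DomainDnsZones,DC=ds,DC=example,DC=net"]),
]

if __name__ == "__main__":
    print(computer_filter("host01"))
    print(computer_filter("web(01)*"))  # metacharacters become literals
    print(split_results(SAMPLE_DUMP))
```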